Bug 42817 - Web Inspector: don't grant universal access to inspector front-end page
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Reported: 2010-07-22 04:47 PDT by Andrey Kosyakov
Modified: 2010-07-22 09:39 PDT

Attachments
patch (2.72 KB, patch)
2010-07-22 04:50 PDT, Andrey Kosyakov
Description Andrey Kosyakov 2010-07-22 04:47:34 PDT
We used to call SecurityOrigin::grantUniversalAccess() for the inspector front-end page. This does not seem to be necessary anymore, so I suggest removing it for slightly tighter security control.
Comment 1 Andrey Kosyakov 2010-07-22 04:50:54 PDT
Created attachment 62286 [details]
patch
Comment 2 Yury Semikhatsky 2010-07-22 05:39:07 PDT
Comment on attachment 62286 [details]
patch

WebKit/chromium/src/WebDevToolsFrontendImpl.cpp: 
 +      SecurityOrigin* origin = m_webViewImpl->page()->mainFrame()->domWindow()->securityOrigin();
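Review bot: on this added line in WebDevToolsFrontendImpl.cpp, the chain m_webViewImpl->page()->mainFrame()->domWindow()->securityOrigin() dereferences each intermediate result without a null check and keeps the result in a raw SecurityOrigin*. Since the bug is about no longer calling grantUniversalAccess() on the front-end page, please confirm what `origin` is still used for after this change; if nothing else needs it, drop the lookup rather than keeping a pointer to the front-end's origin around, and otherwise guard the chain against a missing page, frame or window.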
IIRC we needed this to be able to set iframe content. It shouldn't be necessary with the new SourceFrame implementation.
Comment 3 WebKit Commit Bot 2010-07-22 09:39:49 PDT
Comment on attachment 62286 [details]
patch

Clearing flags on attachment: 62286

Committed r63896: <http://trac.webkit.org/changeset/63896>
Comment 4 WebKit Commit Bot 2010-07-22 09:39:54 PDT
All reviewed patches have been landed.  Closing bug.